diff --git a/host/etc/systemd/tpot.service b/host/etc/systemd/tpot.service index d4683752..a0c8350b 100644 --- a/host/etc/systemd/tpot.service +++ b/host/etc/systemd/tpot.service @@ -27,9 +27,6 @@ ExecStartPre=-/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^ ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off' ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on' -# Modify access rights on docker.sock for netdata -ExecStartPre=-/bin/chmod 666 /var/run/docker.sock - # Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE # Forward all other connections to honeytrap / NFQUEUE ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set diff --git a/iso/installer/install.sh b/iso/installer/install.sh index 1766ccab..1f38cade 100755 --- a/iso/installer/install.sh +++ b/iso/installer/install.sh @@ -6,11 +6,11 @@ ################################## myLSB=$(lsb_release -r | awk '{ print $2 }') -myLSB_SUPPORTED="18.04" +myLSB_SUPPORTED="testing" myINFO="\ -############################################ -### T-Pot Installer for Ubuntu $myLSB_SUPPORTED LTS ### -############################################ +########################################## +### T-Pot Installer for Debian $myLSB_SUPPORTED ### +########################################## Disclaimer: This script will install T-Pot on this system, by running the script you know what you are doing: @@ -29,7 +29,7 @@ Example: if [ "$myLSB" != "$myLSB_SUPPORTED" ]; then - echo "Aborting. Ubuntu $myLSB is not supported." + echo "Aborting. Debian $myLSB is not supported." exit fi if [ "$1" == "" ]; 
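Review bot: The support gate in the `@@ -29,7 +29,7 @@` hunk of install.sh still compares only the release field, so with `myLSB_SUPPORTED="testing"` any distribution whose `lsb_release -r` prints `testing` gets through, even though the new message names Debian. I would add a distributor check next to it, for example `if [ "$(lsb_release -is)" != "Debian" ] || [ "$myLSB" != "$myLSB_SUPPORTED" ];`. The abort path also ends in a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` would let automated deployments detect the refusal. Whether every Debian testing image reports exactly `testing` for `-r` is not visible here and should be confirmed.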
@@ -64,7 +64,7 @@ for i in "$@" echo " A configuration example is available in \"tpotce/iso/installer/tpot.conf.dist\"." echo echo "--type=<[user, auto, iso]>" - echo " user, use this if you want to manually install a T-Pot on a Ubuntu 18.04 LTS machine." + echo " user, use this if you want to manually install a T-Pot on a Debian (testing) machine." echo " auto, implied if a configuration file is passed as an argument for automatic deployment." echo " iso, use this if you are a T-Pot developer and want to install a T-Pot from a pre-compiled iso." echo @@ -129,7 +129,7 @@ function fuGET_DEPS { local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant" apt-get -y update apt-get -y install software-properties-common -add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe restricted multiverse" +add-apt-repository "deb http://ftp.debian.org/debian testing main contrib non-free" echo echo "### Getting update information." echo @@ -215,7 +215,7 @@ export DIALOGRC=/etc/dialogrc myBACKTITLE="T-Pot-Installer" myCONF_FILE="/root/installer/iso.conf" myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" -mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://ubuntu.com" +mySITES="https://hub.docker.com https://github.com https://pypi.python.org https://debian.org" myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" ##################### 
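Review bot: The repository line added in fuGET_DEPS (`@@ -129,7 +129,7 @@`) fetches over plain HTTP from `ftp.debian.org`, while the preseed file in this same commit uses `deb.debian.org` and `apt-transport-https` is already in `myPACKAGES`. APT's signature check still protects package contents, but HTTPS would reduce how much an on-path party can observe or interfere with the metadata, and a single mirror name would keep the two install paths consistent: `add-apt-repository "deb https://deb.debian.org/debian testing main contrib non-free"`. On a host that already runs Debian testing this call probably duplicates an existing sources.list entry, so a short comment stating why it is still needed would help. The function body continues outside the hunk.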
@@ -375,7 +375,7 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ]; printf "%s" "$myCONF_TPOT_USER:$myPASS1" | chpasswd fi -# Let's ask for a web user credentials if deployment type is iso or user +# Let's ask for web user credentials if deployment type is iso or user # In case of auto, credentials are created from config values # Skip this step entirely if SENSOR flavor if [ "$myTPOT_DEPLOYMENT_TYPE" == "iso" ] || [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ]; @@ -506,15 +506,15 @@ network={ private_key_passwd="$myCONF_PFX_PW" } " -#if [ "myCONF_PFX_USE" == "0" ]; -# then -# cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF -# echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF -# -# echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF -# -# echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF -#fi +if [ "myCONF_PFX_USE" == "0" ]; + then + cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + + echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + + echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF +fi # Let's provide a wireless example config ... myNETWORK_WLANEXAMPLE=" 
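Review bot: The re-enabled 802.1x block in `@@ -506,15 +506,15 @@` tests `[ "myCONF_PFX_USE" == "0" ]`, which compares the literal string `myCONF_PFX_USE` with `0` and is therefore always false, so none of the four lines inside ever run; it should read `if [ "$myCONF_PFX_USE" == "0" ];`. Once the block does execute, the files written by `tee` carry `private_key_passwd="$myCONF_PFX_PW"` (visible in the context line above) and are created with the default umask, so I would follow the writes with `chmod 600 /etc/wpa_supplicant/wired8021x.conf /etc/wpa_supplicant/wireless8021x.conf`. `cp $myCONF_PFX_FILE` should also be quoted as `cp "$myCONF_PFX_FILE" /etc/wpa_supplicant/`. The variable assignments that build these configs begin outside the hunk.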
@@ -545,7 +545,7 @@ myNETWORK_WLANEXAMPLE=" # wpa-key-mgmt WPA-PSK # wpa-psk \"\" " -#echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF +echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF # Let's modify the sources list sed -i '/cdrom/d' /etc/apt/sources.list @@ -572,10 +572,6 @@ n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt) myHOST=$a$n hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF -if [ -f "/etc/cloud/cloud.cfg" ]; - then - sed -i 's/preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg -fi # Let's patch cockpit.socket, sshd_config sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF diff --git a/iso/isolinux/txt.cfg b/iso/isolinux/txt.cfg index 825727de..212bf8a5 100755 --- a/iso/isolinux/txt.cfg +++ b/iso/isolinux/txt.cfg @@ -1,6 +1,6 @@ default install label install - menu label ^T-Pot 18.11.1 + menu label ^T-Pot (based on Debian testing) menu default kernel linux append vga=788 initrd=initrd.gz console-setup/ask_detect=true -- diff --git a/iso/preseed/tpot.seed b/iso/preseed/tpot.seed index bbf5d86c..712750aa 100755 --- a/iso/preseed/tpot.seed +++ b/iso/preseed/tpot.seed @@ -25,7 +25,6 @@ d-i console-setup/detected note ######################### ### Network Configuration ######################### -#d-i netcfg/do_not_use_netplan true #d-i netcfg/choose_interface select auto #d-i netcfg/dhcp_timeout string 60 d-i netcfg/get_hostname string t-pot 
@@ -71,8 +70,8 @@ d-i user-setup/encrypt-home boolean false ### Country Mirror & Proxy Configuration ######################################## d-i mirror/country string manual -d-i mirror/http/hostname string archive.ubuntu.com -d-i mirror/http/directory string /ubuntu +d-i mirror/http/hostname string deb.debian.org +d-i mirror/http/directory string /debian d-i mirror/http/proxy string ########################### @@ -91,17 +90,17 @@ d-i lilo-installer/skip boolean true d-i clock-setup/utc boolean true d-i time/zone string UTC d-i clock-setup/ntp boolean true -d-i clock-setup/ntp-server string ntp.ubuntu.com +d-i clock-setup/ntp-server string debian.pool.ntp.org ################## ### Package Groups ################## -tasksel tasksel/first multiselect ubuntu-server +tasksel tasksel/first multiselect ssh-server ######################## ### Package Installation ######################## -d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant +d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount cockpit cockpit-docker curl debconf-utils dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man mosh multitail net-tools npm ntp openssh-server openssl pass prips software-properties-common syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant ################# ### Update Policy 
diff --git a/makeiso.sh b/makeiso.sh index 7769a4c3..43744c88 100755 --- a/makeiso.sh +++ b/makeiso.sh @@ -7,9 +7,8 @@ export DIALOGRC=/etc/dialogrc # Let's define some global vars myBACKTITLE="T-Pot - ISO Creator" # If you need latest hardware support, try using the hardware enablement (hwe) ISO, usually released later in time -# myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/hwe-netboot/mini.iso" -myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/netboot/mini.iso" -myUBUNTUISO="mini.iso" +myMINIISOLINK="http://ftp.debian.org/debian/dists/testing/main/installer-amd64/current/images/netboot/mini.iso" +myMINIISO="mini.iso" myTPOTISO="tpot.iso" myTPOTDIR="tpotiso" myTPOTSEED="iso/preseed/tpot.seed" @@ -81,7 +80,7 @@ function valid_ip() } # Let's ask if the user wants to run the script ... -dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Ubuntu Mini ISO and build the T-Pot Install Image." 8 50 +dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Debian Mini ISO and build the T-Pot Install Image." 8 50 mySTART=$? if [ "$mySTART" = "1" ]; then 
@@ -207,18 +206,18 @@ if [ "$myCONF_PROXY_USE" == "0" ] || [ "$myCONF_PFX_USE" == "0" ] || [ "$myCONF_ echo "myCONF_NTP_CONF_FILE=\"/root/installer/ntp.conf\"" >> $myCONF_FILE fi -# Let's download Ubuntu Minimal ISO -if [ ! -f $myUBUNTUISO ] +# Let's download Debian Minimal ISO +if [ ! -f $myMINIISO ] then - wget $myUBUNTULINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... ]" --gauge "" 5 70; - echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Ubuntu ... Done! ]" --gauge "" 5 70; + wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... ]" --gauge "" 5 70; + echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... Done! ]" --gauge "" 5 70; else dialog --infobox "Using previously downloaded .iso ..." 3 50; fi # Let's loop mount it and copy all contents mkdir -p $myTMP $myTPOTDIR -mount -o loop $myUBUNTUISO $myTMP +mount -o loop $myMINIISO $myTMP rsync -a $myTMP/ $myTPOTDIR umount $myTMP
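Review bot: The download in this hunk has no integrity check, although `mini.iso` becomes the base of every T-Pot install image and `myMINIISOLINK` (set in the first makeiso.sh hunk) is a plain-HTTP URL on the moving `testing` branch. Because `wget` feeds a pipeline, its exit status is also lost, and the `[ ! -f $myMINIISO ]` test then reuses a truncated or altered file on the next run. I would download to a temporary name, check wget's status and a SHA-256 digest, and only then move the file into place, with the variable expansions quoted. Since `testing` images change, the expected digest has to come from a source you verify separately, for instance the checksum file Debian publishes alongside the installer images, or the link should point at a fixed release. `PIPESTATUS` assumes the script runs under bash, which the `function` keyword elsewhere in the file suggests but the hunk does not show.

```shell
if [ ! -f "$myMINIISO" ]
  then
    wget "$myMINIISOLINK" -O "$myMINIISO.part" --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... ]" --gauge "" 5 70;
    # myMINIISO_SHA256 is a placeholder: set it from a checksum source you have verified
    if [ "${PIPESTATUS[0]}" != "0" ] || ! echo "$myMINIISO_SHA256  $myMINIISO.part" | sha256sum -c - > /dev/null
      then
        rm -f "$myMINIISO.part"
        echo "Download of $myMINIISOLINK failed or did not match the expected checksum." >&2
        exit 1
    fi
    mv "$myMINIISO.part" "$myMINIISO"
    # … unchanged: "Done!" gauge, else branch with the infobox …
fi
```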